.\" Man page generated from reStructuredText.
.
.TH "KNIFE-SSL-CHECK" "1" "Chef 12.0" "" "knife ssl check"
.SH NAME
knife-ssl-check \- The man page for the knife ssl check subcommand.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.sp
The \fBknife ssl check\fP subcommand is used to verify the SSL configuration for the Enterprise Chef and/or Open Source Chef servers, or at another location specified by a URL or URI.
.sp
\fBWARNING:\fP
.INDENT 0.0
.INDENT 3.5
When verification of a remote server\(aqs SSL certificate is disabled, the chef\-client will issue a warning similar to "SSL validation of HTTPS requests is disabled. HTTPS connections are still encrypted, but the chef\-client is not able to detect forged replies or man\-in\-the\-middle attacks." To configure SSL for the chef\-client, set \fBssl_verify_mode\fP to \fB:verify_peer\fP (recommended) \fBor\fP \fBverify_api_cert\fP to \fBtrue\fP in the client.rb file.
.UNINDENT
.UNINDENT
.sp
\fBSyntax\fP
.sp
This subcommand has the following syntax:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ knife ssl check URI
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
\fBOptions\fP
.sp
This subcommand has the following options:
.INDENT 0.0
.TP
.B \fB\-a SSH_ATTR\fP, \fB\-\-attribute SSH_ATTR\fP
The attribute that is used when opening the SSH connection. The default attribute is the FQDN of the host. Other possible values include a public IP address, a private IP address, or a hostname.
.TP
.B \fB\-A\fP, \fB\-\-forward\-agent\fP
Use to enable SSH agent forwarding.
.TP
.B \fB\-c CONFIG_FILE\fP, \fB\-\-config CONFIG_FILE\fP
The configuration file to use.
.TP
.B \fB\-C NUM\fP, \fB\-\-concurrency NUM\fP
The number of allowed concurrent connections.
.TP
.B \fB\-\-chef\-zero\-port PORT\fP
The port on which chef\-zero will listen.
.TP
.B \fB\-\-[no\-]color\fP
Use to view colored output.
.TP
.B \fB\-d\fP, \fB\-\-disable\-editing\fP
Use to prevent the $EDITOR from being opened and to accept data as\-is.
.TP
.B \fB\-\-defaults\fP
Use to have knife use the default value instead of asking a user to provide one.
.TP
.B \fB\-e EDITOR\fP, \fB\-\-editor EDITOR\fP
The $EDITOR that is used for all interactive commands.
.TP
.B \fB\-E ENVIRONMENT\fP, \fB\-\-environment ENVIRONMENT\fP
The name of the environment. When this option is added to a command, the command will run only against the named environment.
.TP
.B \fB\-F FORMAT\fP, \fB\-\-format FORMAT\fP
The output format: \fBsummary\fP (default), \fBtext\fP, \fBjson\fP, \fByaml\fP, and \fBpp\fP\&.
.TP
.B \fB\-G GATEWAY\fP, \fB\-\-ssh\-gateway GATEWAY\fP
The SSH tunnel or gateway that is used to run a bootstrap action on a machine that is not accessible from the workstation.
.TP
.B \fB\-h\fP, \fB\-\-help\fP
Shows help for the command.
.TP
.B \fB\-i IDENTITY_FILE\fP, \fB\-\-identity\-file IDENTIFY_FILE\fP
The SSH identity file used for authentication. Key\-based authentication is recommended.
.TP
.B \fB\-k KEY\fP, \fB\-\-key KEY\fP
The private key that knife will use to sign requests made by the API client to the Chef server\&.
.TP
.B \fB\-m\fP, \fB\-\-manual\-list\fP
Use to define a search query as a space\-separated list of servers. If there is more than one item in the list, put quotes around the entire list. For example: \fB\-\-manual\-list "server01 server 02 server 03"\fP
.TP
.B \fB\-\-[no\-]host\-key\-verify\fP
Use \fB\-\-no\-host\-key\-verify\fP to disable host key verification. Default setting: \fB\-\-host\-key\-verify\fP\&.
.TP
.B \fBOTHER\fP
The shell type. Possible values: \fBinteractive\fP, \fBscreen\fP, \fBtmux\fP, \fBmacterm\fP, or \fBcssh\fP\&. (\fBcsshx\fP is deprecated in favor of \fBcssh\fP\&.)
.TP
.B \fB\-p PORT\fP, \fB\-\-ssh\-port PORT\fP
The SSH port.
.TP
.B \fB\-P PASSWORD\fP, \fB\-\-ssh\-password PASSWORD\fP
The SSH password. This can be used to pass the password directly on the command line. If this option is not specified (and a password is required) knife will prompt for the password.
.TP
.B \fB\-\-print\-after\fP
Use to show data after a destructive operation.
.TP
.B \fB\-s URL\fP, \fB\-\-server\-url URL\fP
The URL for the Chef server\&.
.TP
.B \fBSEARCH_QUERY\fP
The search query used to return a list of servers to be accessed using SSH and the specified \fBSSH_COMMAND\fP\&. This option uses the same syntax as the search sub\-command.
.TP
.B \fBSSH_COMMAND\fP
The command that will be run against the results of a search query.
.TP
.B \fB\-u USER\fP, \fB\-\-user USER\fP
The user name used by knife to sign requests made by the API client to the Chef server\&. Authentication will fail if the user name does not match the private key.
.TP
.B \fB\-v\fP, \fB\-\-version\fP
The version of the chef\-client\&.
.TP
.B \fB\-V\fP, \fB\-\-verbose\fP
Set for more verbose outputs. Use \fB\-VV\fP for maximum verbosity.
.TP
.B \fB\-x USER_NAME\fP, \fB\-\-ssh\-user USER_NAME\fP
The SSH user name.
.TP
.B \fB\-y\fP, \fB\-\-yes\fP
Use to respond to all confirmation prompts with "Yes". knife will not ask for confirmation.
.TP
.B \fB\-z\fP, \fB\-\-local\-mode\fP
Use to run the chef\-client in local mode. This allows all commands that work against the Chef server to also work against the local chef\-repo\&.
.UNINDENT
.sp
\fBExamples\fP
.sp
The following examples show how to use this knife subcommand:
.sp
\fBVerify the SSL configuration for the Chef server\fP
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ knife ssl check
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
\fBVerify the SSL configuration for the chef\-client\fP
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ knife ssl check \-c /etc/chef/client.rb
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
\fBVerify an external server\(aqs SSL certificate\fP
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ knife ssl check URL_or_URI
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
for example:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
$ knife ssl check https://www.getchef.com
.ft P
.fi
.UNINDENT
.UNINDENT
.SH AUTHOR
Chef
.\" Generated by docutils manpage writer.
.
